Amerandus Research Website Hacking Notice

Hello,

I contacted senior support and got some more details on what happened to your site. It seems that the files that were removed likely caused the site to go down. They explained that these files had to be removed as they were compromised and could have damaged the server.

We are going to attempt to do a restore from the oldest backup and try to get the site back up that way. However, since the farthest backup is after those files were removed, the only way it will work is if there was some other issue introduced to your site between the time of the oldest backup and now. Also, this restore cannot be done before tomorrow. If the restore does not work then you will need to restore the site from your own backups or reinstall WordPress on your site. Once again, these files had to be removed as they posed a risk to the entire server.

We will let you know once the restore is complete. Please let us know if you have any questions.

Thank you,

Rick

LuxSci Support

Robert Bauchwitz (bauchwitz@luxsci.net) on January 30, 2018 10:26:33 am

OK. This will require us to obtain the services of a WordPress security expert and possibly other forensic experts to examine what has occurred, how to repair it, and also how to prevent it from occurring again.

It seems to us that it may have been a multi-step attack. One of the first steps apparently was to stop the automatic updates of the WordPress template (unless such updates were discontinued by the developer, which we do not know).

In either case, additional security weaknesses could then have been exploited.

It would be very helpful and important to know more about exactly what security flaws and exploits Luxsci observed, by what route Luxsci believes those were introduced, and all the information Luxsci possesses which might allow the tracking of those who were involved with hacking the site.